1 Summary of Technical Accomplishments


This project investigated the problem of analyzing concurrent and distributed systems, in order to determine whether they behave as intended by their developers. We explored analysis of both “logical” properties, such as freedom from deadlock or enforcement of mutually exclusive access to a resource, and timing properties, such as the time that can elapse between the occurrence of certain events in an execution of the system. Our work has focussed on the development of automated analysis techniques that could serve as the basis for practical tools to be used by developers of concurrent systems.

The major difficulty in analyzing the behavior of concurrent systems is the combinatorial explosion in the number of possible states of the systems as the number of component processes increases. The approach taken in this project deals with the state space explosion by attempting to find strong necessary conditions, in the form of linear inequalities, for there to exist an execution of the concurrent system with a certain property and using standard integer programming techniques to determine whether these necessary conditions are consistent [3,8]. (References in this section refer to the publications listed in the next section. Additional references to earlier work, and the work of other investigators, can be found in those papers.)
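As an added illustration of the inequality-based approach described above (example code, not the project's toolset): each process is modelled as a small automaton, an execution is summarised by how often each transition fires, and flow-balance plus rendezvous-matching equations are the necessary conditions. The names (P1, P2, SEM, constraints, find_execution), the mutual-exclusion model and the bounded brute-force search standing in for an integer programming package are assumptions of this example.

```python
from itertools import product

# Constructed toy model, not the project's own toolset: three automata, one
# per process, synchronising on shared events (Ada-style rendezvous).
# Automaton = (initial state, [(source, event, destination), ...]).
P1 = ("idle", [("idle", "acq1", "cs"), ("cs", "rel1", "idle")])
P2 = ("idle", [("idle", "acq2", "cs"), ("cs", "rel2", "idle")])
SEM = ("free", [("free", "acq1", "taken"), ("taken", "rel1", "free"),
                ("free", "acq2", "taken"), ("taken", "rel2", "free")])
SYSTEM = [P1, P2, SEM]

def constraints(automata, finals):
    """Linear necessary conditions on transition counts for an execution that
    leaves automaton i in state finals[i].  Returns (variables, equations);
    an equation is ({variable: coefficient}, right-hand side)."""
    variables, equations, by_event = [], [], {}
    for i, ((init, trans), final) in enumerate(zip(automata, finals)):
        names = [(i, k) for k in range(len(trans))]
        variables += names
        for k, (_, event, _) in enumerate(trans):
            by_event.setdefault(event, {}).setdefault(i, []).append((i, k))
        # Flow balance: entries minus exits of each state equal the net change
        # between the initial state and the required final state.
        for st in {s for src, _, dst in trans for s in (src, dst)}:
            coeff = {}
            for v, (src, _, dst) in zip(names, trans):
                coeff[v] = coeff.get(v, 0) + (dst == st) - (src == st)
            equations.append((coeff, int(st == final) - int(st == init)))
    # Synchronisation: automata sharing an event must fire it equally often.
    for users in by_event.values():
        parts = list(users.values())
        for a, b in zip(parts, parts[1:]):
            equations.append(({**{v: 1 for v in a}, **{v: -1 for v in b}}, 0))
    return variables, equations

def find_execution(automata, finals, bound=2):
    """Return a consistent assignment of transition counts (a candidate
    execution) or None when the equations are inconsistent, which proves
    that no execution reaches `finals`.  Bounded brute force stands in for
    the integer programming package described in the report."""
    variables, equations = constraints(automata, finals)
    for counts in product(range(bound + 1), repeat=len(variables)):
        value = dict(zip(variables, counts))
        if all(sum(c * value[v] for v, c in coeff.items()) == rhs
               for coeff, rhs in equations):
            return {f"{i}:{automata[i][1][k][1]}": n
                    for (i, k), n in value.items() if n}
    return None
```

Asking for both processes in `cs` (with the semaphore `taken` or `free`) yields None, so mutual exclusion is proved without enumerating states, while asking for P1 alone in `cs` returns the counts of a candidate execution; because the counting abstraction discards ordering, any returned assignment is only a candidate that a later phase must confirm.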

At the start of this project, we had designed a prototype toolset based on these techniques. One of the first tasks of this project was an initial implementation of that toolset, together with experimental application of it to a variety of small concurrent and real-time systems [9, 10]. These experiments indicated that the method could be used with systems that were large by then-current standards for automated analysis. We then re-implemented the toolset to incorporate insights gained from experience with the original version and new analysis techniques [2]. Experiments with this new version [4-6] showed that the techniques could be successfully applied to concurrent systems with hundreds of processes.

Later work in the project focussed on extending the range of problems to which our methods could be successfully applied. In the course of this work, components of the toolset have been re-implemented to improve efficiency and implement new analysis techniques or add other functionality. In particular, our former student, James C. Corbett, who is now at the University of Hawaii, reimplemented the component of our toolset that translates concurrent system specifications to finite state automata. His new “deriver” supports a number of new features in the specification language, allowing the convenient description of a wider range of systems, and uses data-flow analysis techniques to prune the automata. It therefore produces smaller automata, allowing larger systems to be analyzed. Using this new tool, we have carried out timing analyses of uniprocessor concurrent systems with more than 2500 reachable states [7].

Corbett and Avrunin have also developed and implemented methods for finding bounds on the time between events in multiprocessor concurrent systems [14]. They are currently working on improving the efficiency of these methods, which have successfully been applied to multiprocessor systems with more than 100 concurrent processes. Preliminary results suggest that new implementations of these methods will be useful with systems at least 2 or 3 times larger, having more than 2300 reachable states. Corbett and Avrunin [16] have also described an extended version of the basic constrained expression analysis method (based in part on Corbett’s Ph.D. dissertation) and given an analysis of its expressive power.

In other work, Avrunin has been collaborating with Professor Victor Yodaiken on the development of compositional methods that would allow large systems to be handled by analyzing subsystems separately, using constrained expression techniques, model checking, or some other method, and then combining the results of these analyses [17]. This work uses Yodaiken’s modal primitive recursive function approach to provide both a very general composition operator and concise descriptions of very large state machines. Corbett and Avrunin [15] have investigated the direct application of the inequality-based techniques developed in this project to show that a component of a large system is equivalent, in the sense of having the same external behavior, to a simpler subsystem, allowing the use of the simpler version in analysis.

One of our interests in this project was to begin to develop a framework for characterizing classes of concurrent and real-time systems problems and analysis techniques. Such a framework would provide a basis for understanding, organizing and comparing the capabilities and results obtained by various existing or proposed approaches to analysis of concurrent and real-time systems. This will be important both as an abstract, scientific contribution to taxonomizing an area of computer science research and also as a practical aid to developers of concurrent and real-time software who may be faced with choosing among alternative analysis methods for application to a given analysis problem. Wileden has been working on the definition of a formal basis for such a characterization framework. One aspect of this effort has involved extensive experimentation with application of our constrained expression analysis toolset to a few standard concurrency analysis problems, such as several variations on the dining philosophers problem. This experimentation has yielded some insights, and also some intriguing puzzles, regarding the dimensions of variability in how susceptible seemingly very similar problems are to analysis using our automated methods. Another aspect of this work has been continued exploration of the use of our constrained expressions formalism as a formal basis for describing features of systems and analysis problems. This approach continues to show promise, but additional investigation, based on data from analysis of further examples using both our constrained expression tools and other techniques, will be needed to validate his initial observations and to extend and refine the framework.
3 Software Prototypes Developed

Our techniques have been implemented in a series of prototype toolsets. The earliest version consisted of five separate components, written in Ada, FORTRAN, and Lisp. In more recent versions, four of these components have been integrated into a single Lisp program that generates inequalities starting from a description of the concurrent system given in an Ada-like design language and then interprets solutions to those inequalities. The systems of inequalities are solved by an integer programming package, written in FORTRAN and based on the MINOS optimization system from Stanford. The new Lisp program, developed by Corbett in the course of his dissertation work (which was supported by this project) and more recent work at the University of Hawaii, supports additional features in the specification language and permits much more compact specifications. It also incorporates data-flow analysis techniques to prune the automata, thereby allowing larger systems to be analyzed. Avrunin and Corbett have also modified this tool to implement several new analysis techniques for real-time systems, as well as their compositional techniques.

4 Transitions

Professor James C. Corbett, of the University of Hawaii at Manoa, is actively involved in research on real-time systems with Professor Avrunin, and has recently extended some of their analysis methods and tools to handle the full real-time capabilities of Ada 9X. Our results and prototype software tools have been shared with Professor Laura Dillon at the University of California, Santa Barbara, whose work involves both constrained expression analysis and the use of interval logic in the analysis of real-time systems. Dillon is currently using some of the new constrained expression-based methods developed by Corbett and Avrunin to verify assertions in real-time interval logic. At the request of Professor Sol Shatz of the University of Illinois at Chicago, Avrunin and Corbett have analyzed a number of example systems in order to provide comparisons between the constrained expression methods and Shatz’s reachability space reduction methods.